{% extends "basetemplate.html" %}
{% block title %}Simple SQL Injection - {% endblock %}
{% block head %}
    {{ super() }}
{% endblock %}
{% block instructions %}
    <p>
        There is an sql injection in this search there are a couple of hidden posts and a secret post.  See if you can get all the information including the secrets.
    </p>
{% endblock %}
{% block content %}
    <h1>Simple SQL Injection</h1>
    <p>
        <form method="POST" target="">
            <div class="form-group">
                <input type="text" placeholder="Search Name" id="search" name="search" class="form-control" value="{{ search if search else ''}}" />
            </div>
            <button type="submit" class="btn btn-success">Search</button>
        </form>
    </p>
    {% if comments %}
        <table class="table">
            <thead class="thead-inverse">
                <tr>
                    <th>Name</th>
                    <th>Phone #</th>
                    <th>Date Joined</th>
                </tr>
            </thead>
            <tbody>
                {% for comment in comments %}
                    <tr>
                        <td>{{ comment[1] }}</td>
                        <td>{{ comment[2] }}</td>
                        <td>{{ comment[3] }}</td>
                    </tr>
                {% endfor %}
            </tbody>
        </table>
    {% endif %}
{% endblock %}
{% block footer %}
    {{ super() }}
{% endblock %}
{% block scripts %}
    {{ super() }}
{% endblock %}